WO2008058884A1 - Method for identifying peer to peer services in a communications network - Google Patents

Publication number
WO2008058884A1
Authority
WO
WIPO (PCT)
Prior art keywords
tcp connection
service
point
connection number
analysis result
Application number
PCT/EP2007/062039
Inventor
Jiang Chang
Yang Liu
Ying Liu
Original Assignee
Nokia Siemens Networks Gmbh & Co. Kg
Application filed by Nokia Siemens Networks Gmbh & Co. Kg
Publication of WO2008058884A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/163: In-band adaptation of TCP data exchange; In-band control procedures
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/104: Peer-to-peer [P2P] networks

Definitions

  • the present invention relates to the field of communication technology, and more particularly to a method and a device for identifying a point-to-point service in a communications network.
  • a typical mode of internet transmission is client-to-server.
  • For example, for viewing a webpage, first a client PC sends a request, and then downloads the webpage or a program from a website server. The mode can still be satisfactory when merely viewing webpages.
  • Given the increased volumes of audio and video, it is impossible for a server to provide the service simultaneously to more users due to the bandwidth limitation.
  • the problem is solved with the appearance of a peer-to-peer (P2P) technology.
  • P2P technology namely terminal to terminal network technology, means that a host computer in a network obtains the resources as a client and at the same time provides services to its peer as a server.
  • Method 1: identifying a P2P service based on a port number. This works because early P2P services sent their data through a fixed port number. For example, in the commercial software Gnutella, data are sent through port 6346 or 6347, while in another commercial software, DirectConnect, the data are sent through port 411 or 412. Thus, a P2P data stream can be identified merely by monitoring the fixed port number adopted by the P2P service. However, most P2P services currently use a dynamic random port number to send the data, and therefore it is very difficult to identify, track or control the P2P communication through an analysis method based simply on port number.
  • Method 2: identifying the P2P service based on the statistical features of a network flow. This is because a pure P2P flow has its unique distribution characteristics: not only is the flow of a pure P2P service larger than the flow of a conventional service, but the flow also increases more rapidly from the starting time of the service, and it declines sharply after staying around a higher volume for a period of time. Therefore the information quantity of P2P flow characteristics is usually measured by using some distribution changes in network flow statistics according to the unique distribution characteristics of the P2P flow. Currently some companies are still using this technology. However, a statistical quantity of the pure P2P service flow will be affected when other non-P2P services also generate large flows. Therefore there are certain errors with this mode for identifying a P2P service.
  • Method 3: identifying a P2P service based on a protocol. This is because each P2P service has its own protocol, and each protocol has its special protocol identifier. Therefore, a P2P service can be identified by detecting the protocol identifier in each data packet in the network. However, with this mode it is necessary to detect each data packet, and therefore it would cause further network delay.
  • the present invention provides a technology for identifying a point-to-point service in a P2P network.
  • the peer-to-peer service can be identified accurately and rapidly.
  • a method for identifying a point-to-point service in a communications network comprising: collecting TCP (transmission control protocol) connection information; performing a property analysis of a TCP connection number on said TCP connection information; determining whether or not a service corresponding to said TCP connection is a point-to-point service according to an analysis result.
  • Said step of collecting the TCP connection information can comprise: counting TCP data packets grouped by the unit of a time segment, and obtaining the TCP connection information according to packet head information of the TCP data packets; wherein said TCP connection information comprises a TCP connection number, an uploading flow and a total flow.
  • said step of performing the property analysis of said TCP connection number comprises: generating factors for performing the property analysis of the TCP connection number according to said TCP connection information, wherein said factor comprises a TCP connection number variation rate, the percentage of an uploading flow in a total flow, and the quantity of the uploading flow.
  • the property analysis of the TCP connection number on said factors can be performed by using a fuzzy operation rule.
  • said step of performing the property analysis of the TCP connection number on the factors by using a fuzzy operation rule comprises: performing respectively on said factors a corresponding degree of subordination function operation, so as to obtain a matrix of factor evaluation values; multiplying said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
  • Said degree of subordination function is determined by a Cauchy distribution.
  • said step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprises: comparing the analysis result with an evaluation threshold, wherein if said analysis result is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
  • said step of performing the property analysis of the TCP connection number on said factors by using the fuzzy operation rule further comprises: determining the size of the TCP connection number variation rate and a threshold of the variation rate, wherein if said TCP connection number variation rate is larger than the threshold, it is saved and it proceeds to a following step; otherwise, it returns to the step of collecting the TCP connection information.
  • said steps of performing the property analysis of the TCP connection number on said TCP connection information and determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprise: comparing the TCP connection number with the connections threshold; and wherein if said TCP connection number is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
  • the step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result further comprises: outputting the analysis result if the service is a point-to-point service; otherwise, returning to the step of collecting the TCP connection information.
  • the present invention further discloses a device for identifying a point-to-point service in a communications network, wherein it comprises a data collecting unit, a data analyzing unit and an evaluating unit; and wherein said data collecting unit collects the TCP connection information; said data analyzing unit performs property analysis of a TCP connection number on the TCP connection information collected by said data collecting unit; and said evaluating unit determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit.
  • said data analyzing unit comprises: a data processing module and a data analyzing module.
  • Said data processing module can generate factors for performing the properties analysis of the TCP connection number according to said TCP connection information.
  • Said data analyzing module can perform the property analysis of TCP connection number on said factors using the fuzzy operation rule.
  • said data analyzing module comprises: an evaluation value matrix generating module and an analysis result generating module; the evaluation value matrix generating module performs a corresponding degree of subordination function operation respectively on said factors, so as to obtain a matrix of factor evaluation values; and the analysis result generating module multiplies said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
  • Said factors can comprise a TCP connection number variation rate.
  • Said device can further comprise a determining module for comparing the variation rate of the TCP connection number generated by the data processing module with a variation rate threshold. If said TCP connection number variation rate is larger than the threshold, said factors are sent to the data analyzing module through a data storage unit; otherwise, the data collecting unit is instructed to continue collecting the TCP connection information.
  • said TCP connection information can comprise a TCP connection number.
  • Said data analyzing unit compares the TCP connection number collected by the data collecting unit with the threshold of the connection number; and said evaluating unit determines whether or not the service corresponding to said TCP connection number is a point-to-point service according to the analysis result of said data analyzing unit.
  • the method of the present invention identifies the peer-to-peer flow by using the statistical characteristics of a TCP connection number in a P2P network. Since each group connection in a P2P communication is a TCP connection, the TCP connection information can be easily obtained by identifying the data packets.
  • the P2P service can be accurately identified by performing the property analysis of the TCP connection number in the P2P network.
  • the present invention uses the fuzzy operation rule, and the accuracy is further improved by a comprehensive evaluation of the information such as the TCP connection number.
  • the TCP connection number is obtained by counting the number of SYN/ACK packets in the P2P network according to the method and device of the present invention, and such counting is real-time and rapid and will not cause any network delay.
  • Fig. 1 is a P2P administration flowchart according to the present invention
  • Fig. 2 is an IP network structure chart capable of administrating the P2P service according to the present invention
  • Fig. 3 is a flowchart of a preferred embodiment 1 for identifying a P2P service according to the present invention
  • Fig. 4 is a device structure chart of the preferred embodiment 1 for identifying the P2P service according to the present invention
  • Fig. 5 is a flowchart of a preferred embodiment 2 for identifying the P2P service according to the present invention.
  • Fig. 6 is a device structure diagram of the preferred embodiment 2 for identifying the P2P service according to the present invention.
  • a distributed P2P communication can be divided into four stages according to its operating principles: a finding and starting stage, a sharing stage, an inquiring and seeking stage, and a downloading stage.
  • a node establishes the connection with a directory server and joins in a P2P network, sends uploading file directory, inquires and seeks other nodes having the files of interest from the directory server.
  • the downloading stage the connection is established between said nodes one by one according to other node information of interest on a list provided by the directory server, so as to complete a file transmission to one another.
  • a P2P protocol will set a maximum-connection number for assuring the regular operation of the P2P network.
  • the node can continue to create the connection with more nodes.
  • the TCP connection requests will obviously increase when performing a P2P service.
  • the node since the node creates the connection with other nodes soon after starting the P2P service, the connection requests will not be sent again after the connections are established.
  • a peak value of a TCP connection number of the P2P service appears soon after starting the P2P service. Since the peak value is generated by the P2P service, the properties including a P2P file sharing and a P2P flow can be reflected by this peak value.
  • the P2P service is identified and administrated using the TCP connection properties according to the present invention.
  • its specific P2P administration process comprises:
  • Step 101: collecting the TCP connection information of an end user;
  • Step 102: analyzing and determining whether the TCP connection of said end user has the TCP connection properties of a P2P service. If it does, it proceeds to Step 103; otherwise it returns to Step 101;
  • Step 103: recognizing the end user as a P2P user and sending an analysis result;
  • Step 104: establishing said P2P end user strategy according to the analysis result, and controlling the quality of service;
  • Step 105: sending a relevant strategy; and
  • Step 106: performing the relevant administrations of payment, authentication and so on according to said strategy.
  • the aforementioned P2P administration flow can be completed by three logic function modules, namely a P2P identification module 201, a P2P strategy and control module 202, and a P2P administration module 203.
  • the P2P identification module 201 is used for monitoring the TCP connection properties of the end user, determining whether or not the service corresponding to the TCP connection is a P2P service, and sending an analysis result of the P2P service to P2P strategy and control module 202; and the P2P strategy and control module 202 creates said P2P end user strategy according to the analysis result, controls the quality of service of communication, and sends the corresponding P2P end user strategy to P2P administration module 203.
  • the P2P administration module 203 completes the relevant administrations of payment, authentication and so on according to the P2P end user strategy sent from P2P strategy and control module 202.
  • a technical solution for identifying the point-to-point service provided in the present invention is as follows: collecting the TCP connection information; performing a property analysis of the TCP connection number on said TCP connection information; and determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result.
  • Step 301: collecting the TCP connection information.
  • the TCP connection information comprises a TCP connection number of the end users in a current time segment, an uploading flow quantity and a total flow quantity.
  • Said TCP connection information has a plurality of collection modes, for example a Software Development Kit (SDK) can be installed at a user end, a gateway, a router or a GGSN (namely Gateway GPRS Support Node) in a mobile communications network, such as a preferred software package winPcap. Then, packet head information is analyzed using the software package, so as to collect the TCP connection information.
  • when the present invention is applied in an IMS network, an IMS session will be created before creating the TCP connection, and a presence server in the IMS network can record the online user's information; therefore the TCP connection information can be obtained from the online user's information recorded in the presence server in the IMS network.
  • the TCP connection number is obtained by counting the number of said connection request packets according to the present invention, and the uploading data flow number and the total flow number are obtained according to said packet head information of the connection requests.
  • the collection mode of the present invention is to perform the collection preferably in the unit of a time segment, and said time segment can be set in advance according to the measurement data, for example setting 30s as an interval.
  • a TCP connection variation rate and an average percentage are generated according to the collected TCP connection information, wherein said TCP connection variation rate is a rate between the connections in current time segment and the connections in a previous time segment, and the average percentage is a percent between the average uploading flow quantity and the total flow quantity within several adjacent time segments.
  • the average uploading flow quantity is used because, as is known to those skilled in the art, a characteristic of all P2P services, especially P2P stream media services, is that a user can upload only after creating the TCP connection, and the increasing uploading flow tends to become stable after the user TCP connection number becomes stable. The increase and then stabilization of the uploading flow quantity therefore usually come after the appearance of the peak value of the TCP connection. In order to make the measured data facilitate an accurate determination, the measurement time segment of the uploading flow is set at the time soon after the appearance of the peak value of the TCP connection, and the average value of the connections within several adjacent time segments is counted. Thus said average percentage is the percent between the average value of the uploading flow and the total flow within several time segments soon after the appearance of the peak value of the TCP connection, instead of the percent between the uploading flow and the total flow at the time when the peak value of the TCP connection appears.
  • the TCP connection number variation rate is compared with the variation rate threshold; said threshold is pre-set, and its threshold range is preferably greater than or equal to 4, and preferably the variation rate threshold is set at 4 in the present invention. If the TCP connection number variation rate generated is larger than the threshold, then said TCP connection number variation rate, average percentage and uploading flow quantity are saved, and Step 304 is executed; otherwise, it returns to Step 301 after the processing result is discarded.
  • Step 304: performing the analysis of the variation rate, the percentage and the uploading flow quantity value.
  • the three factors of TCP connection number variation rate, the average percentage and the uploading flow quantity value are analyzed using a fuzzy operation rule; to make the description simple, the TCP connection number variation rate is denoted by Cr; the average percentage is denoted by ⁇; the uploading flow value is denoted by t_u.
  • the values of the above three factors are calculated respectively with corresponding degree of subordination function.
  • the result of each function comprises two values, and they denote the possibility of the P2P service and the possibility of non-P2P service respectively.
  • the evaluation set of each factor is obtained by a fuzzy mapping from U to V for each factor using the corresponding degree of subordination function: f: U → F(V), namely
  • the common distributions comprise rectangular distribution, semi-rectangular distribution, semi-trapezoidal distribution, parabolic distribution, normal distribution, Cauchy distribution, and mountainous distribution. It is suggested to select the Cauchy distribution to determine the degree of subordination function, so as to obtain a better evaluation result.
  • the empirical degree of subordination function of Cr is defined as:
  • the result T_11 is obtained by computing the degree of subordination function of factor Cr, and its value denotes the possibility of the P2P service.
  • the result of 1 - T_11 is regarded as the possibility of non-P2P service, namely T_12, and then an evaluation set V_1 of factor Cr can be obtained according to T_11, T_12.
  • the evaluation set V_3 of factor t_u can be obtained by the degree of subordination function constructed by Cauchy distribution according to the aforementioned method, which does not need further description.
  • An evaluation value matrix is further generated according to said three degrees of subordination functions, namely
  • for the unpopular files in the P2P service, the users participating in file mutual-transmission are relatively few, so the TCP connection number created by users is small, and therefore the peak value of the TCP connection number of this type of unpopular files is less obvious than the peak value of connections of popular files in the P2P service.
  • certain non-P2P service for example, a web service
  • the connections properties of non P2P service would be close to the TCP connection number properties of the unpopular P2P service. It is difficult to precisely differentiate only depending on the TCP connection variation rate here.
  • the weight values are different because the importance of said three factors is different, for example setting the weight values of three factors at 0.4, 0.4 and 0.2 respectively.
  • Step 305: evaluating the analysis result and determining whether or not a service corresponding to said TCP connection is a point-to-point service.
  • the final identification is made according to the generated comprehensive evaluation result B.
  • the identification precision is determined by adjusting its evaluation value according to the user needs: if adopting less precision, only b_1 > b_2 is needed, namely to set said evaluation threshold at 0.5.
  • If b_1 > 0.5, the corresponding service is then regarded as the P2P service; otherwise, the corresponding service is not regarded as the P2P service. If the precision needs to be improved, the evaluation threshold can be increased properly.
  • the corresponding service is then regarded as P2P service; otherwise, the corresponding service is not regarded as P2P service.
  • When the analysis result indicates that the corresponding service is the P2P service, Step 306 is performed; otherwise it returns to Step 301.
  • Step 306: outputting the analysis result.
  • the analysis result corresponding to the P2P service is outputted, and then the P2P system can construct the P2P strategy according to said analysis result and perform the corresponding administration, thereby controlling the quality of service. Since the operation such as administration after outputting the analysis result is not the protected content of the present invention, here we will not go further on this point.
  • the present invention also provides a device for identifying a point-to-point service, comprising: a data collecting unit 401, a data analyzing unit 402, and an evaluating unit 409.
  • the data collecting unit 401 outputs the collected TCP connection information to the data analyzing unit 402; said data analyzing unit 402 performs the properties analysis of the TCP connection number on said TCP connection information; and the evaluating unit 409 determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit 402.
  • Fig. 4 is a device structure chart of embodiment 1 of the method for identifying a P2P service according to the present invention.
  • Said device comprises: a data collecting unit 401, a data analyzing unit 402, a storage unit 405, an evaluating unit 409 and an adjustment unit 410.
  • Said data analyzing unit 402 comprises a data processing module 403, a determining module 404, a data analyzing module 407; and said data analyzing module 407 comprises an evaluation value matrix generating module 406 and an analysis result generating module 408.
  • the data collecting unit 401 is used for checking the data packet head, collecting the TCP connection request data packets by grouping them in the unit of a time segment, and outputting the collected TCP connection information to the data analyzing unit 402 to perform the processing analysis; said TCP connection information comprises the TCP connection number at the user end, the uploading flow number and the total flow number.
  • Said data processing module 403 generates the factors for the property analysis of the TCP connection number according to the collected TCP connection information, and said factors comprise a TCP connection number variation rate and a percentage of the uploading flow quantity in the total flow quantity.
  • Said TCP connection number variation rate is a rate between the connections in current time segment and the connections in a previous time segment, and the average percentage is a percentage between the average uploading flow quantity and the total flow quantity within several adjacent time slots.
  • Said determining module 404 determines if the processing result is saved according to the comparison result between the TCP connection number variation rate and the variation rate threshold pre-set in the adjustment unit 410. If said TCP connection number variation rate is larger than the variation rate threshold, then said factors are sent to the data analyzing module 407 through the storage unit 405; otherwise, the data collecting unit 401 is instructed to continue to collect the TCP connection information.
  • the data analyzing module 407 performs the property analysis of the TCP connection number on the factors stored in the storage unit 405 using a fuzzy operation rule.
  • Said analysis process comprises the evaluation value matrix generating module 406 performing a corresponding degree of subordination function operation on said factors respectively, so as to obtain the matrix of factor evaluation values; the analysis result generating module 408 multiplies said matrix of factor evaluation values by the factor weight values, and outputs the generated analysis result to the evaluating unit 409.
  • Said evaluating unit 409 performs the final analysis on the result according to an evaluation threshold pre-set in the adjustment unit 410, and determines whether or not a service corresponding to said TCP connection is a point-to-point service. If it is a point-to-point service, said evaluating unit 409 outputs the result of P2P service; otherwise, the data collecting unit 401 is instructed to continue to collect the TCP connection information.
  • the adjustment unit 410 is used for collecting the time segment, and adjusting said degree of subordination function, weight values, variation rate thresholds and evaluation thresholds of three factors.
  • the method for identifying the P2P service of the present invention, in addition to adopting the aforementioned fuzzy algorithm to perform the analysis on factors such as the variation rate of TCP connection number, can perform the identification purely by analyzing the TCP connection number. This is because a service node will create a large number of TCP connections with other nodes to perform the file mutual-transmission when providing the P2P service, and the TCP connection number of a P2P service is more than the connections of other non-P2P services. Therefore if the TCP connection number within a time segment is more than the TCP connection number within a previous time slot, then the current large TCP connection number is regarded as a P2P connection, and the operating service in the current time segment is regarded as a P2P service.
  • Fig. 5 is a flowchart of embodiment 2 according to the present invention for identifying the P2P service. The specific steps of the flowchart are:
  • Step 501: collecting the TCP connection number.
  • Said TCP connection information comprises a TCP connection number at a user end in current time segment, an uploading flow number and a total flow number.
  • Said TCP connection information has a plurality of collection modes, for example a Software Development Kit (SDK) can be installed at a user end, a gateway, a router or a GGSN (namely Gateway GPRS Support Node) in a mobile communications network, such as a preferred software package winPcap. Then, the packet head information is analyzed using the software kit, so as to collect the TCP connection information.
  • the TCP connection number is obtained by counting the number of connection request packets according to the present invention.
  • the preferred mode is to perform the collection in the unit of a time segment, and said time segment can be set in advance according to the measurement data, for example setting 30s as one interval.
  • an IMS session will be created before creating the TCP connection, while a presence server in IMS network can record the online user's information. Therefore the TCP connection number can be obtained by the online user's information recorded in the presence server in the IMS network.
  • Step 502 to Step 503: performing the property analysis of the TCP connection and determining whether or not a service corresponding to said TCP connection is a point-to-point service.
  • connection threshold can be set empirically according to the user's needs for identification precision. For example, a plurality of groups of connection data of a P2P service can be collected, wherein a peak value of TCP connection number which is relatively low but still higher than most of the connection peak values of non P2P service is used as the connection threshold.
  • the setting method provided above is only one of the embodiments, and its design idea is that, so long as a value is between the peak value of TCP connection number of a non P2P service and the peak value of TCP connection number of a P2P service, it can be used as a connection threshold.
  • the setting method is not exclusive because said threshold is set empirically, and therefore so long as said threshold and its setting method are based on the aforementioned idea, they are in the scope of protection of the present invention.
  • Step 504 is executed; otherwise it returns to Step 501.
  • Step 504 outputting the analysis result.
  • The analysis result corresponding to a P2P service is outputted, and then the P2P system can construct the P2P strategy according to said analysis result and perform the corresponding administration, thereby controlling the quality of service. Since an operation such as administration after outputting the analysis result is not the protected content of the present invention, here we will not go further on this point.
  • The present invention also provides a device of embodiment 2 of the method for identifying a P2P service, referring to Fig.6.
  • Fig.6 is the device structure diagram of embodiment 2 of the method for identifying a P2P service according to the present invention.
  • Said device comprises a data collecting unit 601, a data analyzing unit 602, an evaluating unit 603 and an adjustment unit 604.
  • The collecting unit 601 is used for checking the data packet head and collecting the TCP connection request data packets by grouping them in units of time segment, and outputting the collected TCP connection information to the data analyzing unit 602.
  • Said data analyzing unit 602 performs the property analysis of TCP connection number by comparing the TCP connection number with the connections threshold.
  • The evaluating unit 603 determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit 602. If the TCP connection number is larger than said connections threshold in a time segment, then said evaluating unit 603 regards the performing service as a P2P service, and outputs the result of said P2P service; otherwise, said evaluating unit 603 instructs the data collecting unit 601 to continue collecting the TCP connection information.
  • Said adjustment unit 604 is used for setting a collection time segment and a connection threshold.

Abstract

The present invention provides a method for identifying point-to-point services in a communication network, which includes: collecting TCP connection information; analyzing properties of TCP connections of the TCP connection information; and determining whether the service corresponding to the TCP connection is a point-to-point service or not according to an analysis result. The present invention further provides a device for identifying a point-to-point service in a communication network, which includes a data collection unit, a data analysis unit, and an evaluation unit. The data collection unit collects TCP connection information, the data analysis unit analyzes properties of TCP connections of the TCP connection information collected by the data collection unit, and the evaluation unit determines whether the relevant service is point-to-point service according to an analysis result of the data analysis unit. Through the aforementioned technical solution, the point-to-point services may be identified accurately and rapidly.

Description

METHOD FOR IDENTIFYING PEER TO PEER SERVICES IN A COMMUNICATIONS NETWORK
Technical Field
The present invention relates to the field of communication technology, and more particularly to a method and a device for identifying a point-to-point service in a communications network.
Background Art
In conventional modes, a typical mode of internet transmission is client-to-server. For example, for viewing a webpage, first a client PC sends a request, and then downloads the webpage or a program from a website server. The mode can still be satisfactory when merely viewing webpages. However, given the increased volumes of audio and video, it is impossible for a server to provide the service simultaneously to more users due to the bandwidth limitation. The problem is solved with the appearance of a peer-to-peer (P2P) technology. The P2P technology, namely terminal to terminal network technology, means that a host computer in a network obtains the resources as a client and at the same time provides services to its peer as a server.
However, with the continuous expansion of the applications of the P2P technology, especially in a file sharing service based on a P2P system, the P2P communication will occupy more bandwidth, thereby consuming a large quantity of network resources and causing network blocking. Therefore, there is a need to keep the P2P service under control, and a precondition of controlling the P2P service is to effectively identify a P2P service.
Currently there are three methods frequently used for identifying the P2P service:
Method 1: identifying a P2P service based on a port number. This is because early P2P services sent their data through a fixed port number. For example, in the commercial software Gnutella, data are sent through the port 6346 or 6347, while in another commercial software DirectConnect the data are sent through port 411 or 412. Thus, a P2P data stream can be identified merely by monitoring the fixed port number adopted in the P2P service. However, currently most P2P services use a dynamic random port number to send the data, and therefore it is very difficult to identify, track or control the P2P communication through an analysis method simply based on port number.
Method 2: identifying the P2P service based on the statistic features of a network flow. This is because a pure P2P flow has its unique distribution characteristics, which specifically show that not only is the flow of pure P2P service larger than the flow of a conventional service, but also the flow will increase more rapidly from the starting time of service, and it will decline sharply after staying around a higher volume for a period of time. Therefore the information quantity of P2P flow characteristics is usually measured by using some distribution changes in network flow statistics according to the unique distribution characteristics of the P2P flow. Currently some companies are still using this technology. However, a statistical quantity of the pure P2P service flow will be affected when other non-P2P services also generate large flows. Therefore there are certain errors with this mode for identifying a P2P service.
Method 3: identifying a P2P service based on a protocol. This is because each P2P service has its own protocol, and each protocol has its special protocol identifier. Therefore, a P2P service can be identified by detecting the protocol identifier in each data packet in the network. However, with this mode it is necessary to detect each data packet, and therefore it would cause further network delay.
Summary of the Invention
Based on the above problem, the present invention provides a technology for identifying a point-to-point service in a P2P network. By way of this technology, the peer-to-peer service can be identified accurately and rapidly.
According to one aspect of the present invention, it discloses a method for identifying a point-to-point service in a communications network, wherein it comprises: collecting TCP (transmission control protocol) connection information; performing a property analysis of a TCP connection number on said TCP connection information; determining whether or not a service corresponding to said TCP connection is a point-to-point service according to an analysis result.
Said step of collecting the TCP connection information can comprise: counting TCP data packets grouped by the unit of a time segment, and obtaining the TCP connection information according to packet head information of the TCP data packets; wherein said TCP connection information comprises a TCP connection number, an uploading flow and a total flow.
Preferably, said step of performing the property analysis of said TCP connection number comprises: generating factors for performing the property analysis of the TCP connection number according to said TCP connection information, wherein said factor comprises a TCP connection number variation rate, the percentage of an uploading flow in a total flow, and the quantity of the uploading flow.
The property analysis of the TCP connection number on said factors can be performed by using a fuzzy operation rule. Preferably, said step of performing the property analysis of the TCP connection number on the factors by using a fuzzy operation rule comprises: performing respectively on said factors a corresponding degree of subordination function operation, so as to obtain a matrix of factor evaluation values; multiplying said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
Said degree of subordination function is determined by a Cauchy distribution.
Preferably, said step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprises: comparing the analysis result with an evaluation threshold, wherein if said analysis result is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
Before said step of performing the property analysis of the TCP connection number on said factors by using the fuzzy operation rule, it further comprises: determining the size of the TCP connection number variation rate and a threshold of the variation rate, wherein if said TCP connection number variation rate is larger than the threshold, it is saved and it proceeds to a following step; otherwise, it returns to the step of collecting the TCP connection information.
Preferably, said steps of performing the property analysis of the TCP connection number on said TCP connection information and determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprise: comparing the TCP connection number with the connections threshold; and wherein if said TCP connection number is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
After said step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result, it further comprises: outputting the analysis result if the service is a point-to-point service; otherwise, returning to the step of collecting the TCP connection information.
In another aspect, the present invention further discloses a device for identifying a point-to-point service in a communications network, wherein it comprises a data collecting unit, a data analyzing unit and an evaluating unit; and wherein said data collecting unit collects the TCP connection information; said data analyzing unit performs property analysis of a TCP connection number on the TCP connection information collected by said data collecting unit; and said evaluating unit determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit.
Preferably, said data analyzing unit comprises: a data processing module and a data analyzing module.
Said data processing module can generate factors for performing the properties analysis of the TCP connection number according to said TCP connection information. Said data analyzing module can perform the property analysis of TCP connection number on said factors using the fuzzy operation rule.
Preferably, said data analyzing module comprises: an evaluation value matrix generating module and an analysis result generating module; the evaluation value matrix generating module performs a corresponding degree of subordination function operation respectively on said factors, so as to obtain a matrix of factor evaluation values; and the analysis result generating module multiplies said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
Said factors can comprise a TCP connection number variation rate.
Said device can further comprise a determining module for comparing the variation rate of the TCP connection number generated by the data processing module with a variation rate threshold. If said TCP connection number variation rate is larger than the threshold, said factors are sent to the data analyzing module through a data storage unit; otherwise, the data collecting unit is instructed to continue collecting the TCP connection information.
Wherein, said TCP connection information can comprise a TCP connection number.
Said data analyzing unit compares the TCP connection number collected by the data collecting unit with the threshold of the connection number; and said evaluating unit determines whether or not the service corresponding to said TCP connection number is a point-to-point service according to the analysis result of said data analyzing unit.
By way of the above technical solution, the present invention can achieve the following technical effects.
Firstly, the method of the present invention identifies the peer-to-peer flow by using the statistical characteristics of a TCP connection number in a P2P network. Since each group connection in a P2P communication is a TCP connection, the TCP connection information can be easily obtained by identifying the data packets.
Secondly, when starting a P2P service, since one node will establish connection with a large number of nodes, and whenever a group connection is established, a large number of TCP connection request data packets will be sent while creating a lot of TCP connection numbers. Therefore the P2P service can be accurately identified by performing the property analysis of the TCP connection number in the P2P network. Especially, the present invention uses the fuzzy operation rule, and the accuracy is further improved by a comprehensive evaluation of the information such as the TCP connection number.
Finally, since the TCP connection can be created by sending synchronization bit/acknowledge bit (SYN/ACK) packets between the nodes, the TCP connection number is obtained by counting the number of SYN/ACK packets in the P2P network according to the method and device of the present invention, and such counting is real-time and rapid and will not cause any network delay.
Description of the accompanying drawings
Fig. 1 is a P2P administration flowchart according to the present invention;
Fig. 2 is an IP network structure chart capable of administrating the P2P service according to the present invention;
Fig. 3 is a flowchart of a preferred embodiment 1 for identifying a P2P service according to the present invention;
Fig. 4 is a device structure chart of the preferred embodiment 1 for identifying the P2P service according to the present invention;
Fig. 5 is a flowchart of a preferred embodiment 2 for identifying the P2P service according to the present invention; and
Fig. 6 is a device structure diagram of the preferred embodiment 2 for identifying the P2P service according to the present invention.
Embodiments
A distributed P2P communication can be divided into four stages according to its operating principles: a finding and starting stage, a sharing stage, an inquiring and seeking stage, and a downloading stage. In the first three stages, a node establishes the connection with a directory server and joins in a P2P network, sends uploading file directory, inquires and seeks other nodes having the files of interest from the directory server. In the downloading stage, the connection is established between said nodes one by one according to other node information of interest on a list provided by the directory server, so as to complete a file transmission to one another.
Usually, a P2P protocol will set a maximum-connection number for assuring the regular operation of the P2P network. In the next stage, if a node connection number does not reach the pre-set maximum-connection number, then the node can continue to create the connection with more nodes. Normally, due to a network delay or a packet loss and so on, or due to users' using habit, one node will send a great deal of connection request information when creating the connection with several nodes. Therefore, the TCP connection requests will obviously increase when performing a P2P service. At the same time, since the node creates the connection with other nodes soon after starting the P2P service, the connection requests will not be sent again after the connections are established. Therefore a peak value of a TCP connection number of the P2P service appears soon after starting the P2P service. Since the peak value is generated by the P2P service, the properties including a P2P file sharing and a P2P flow can be reflected by this peak value.
The P2P service is identified and administrated using the TCP connection properties according to the present invention. Referring to the administration flowchart of the present invention as shown in Fig. 1, the specific P2P administration process comprises:
Step 101: collecting the TCP connection information of an end user;
Step 102: analyzing and determining whether the TCP connection of said end user is of the TCP connection properties of a P2P service. If it is, it proceeds to Step 103, otherwise it returns to Step 101;
Step 103: recognizing an end user as a P2P user and sending an analysis result;
Step 104: establishing said P2P end user strategy according to the analysis result, and controlling the quality of service;
Step 105: sending a relevant strategy; and
Step 106: performing the relevant administrations of payment, authentication and so on according to said strategy.
Referring to Fig. 2, in an IP network, the aforementioned P2P administration flow can be completed by three logic function modules, namely a P2P identification module 201, a P2P strategy and control module 202, and a P2P administration module 203. The P2P identification module 201 is used for monitoring the TCP connection properties of the end user, determining whether or not the service corresponding to the TCP connection is a P2P service, and sending an analysis result of the P2P service to P2P strategy and control module 202; and the P2P strategy and control module 202 creates said P2P end user strategy according to the analysis result, controls the quality of service of communication, and sends the corresponding P2P end user strategy to P2P administration module 203. The P2P administration module 203 completes the relevant administrations of payment, authentication and so on according to the P2P end user strategy sent from P2P strategy and control module 202.
It is known from the above description that, if the administration and control is performed on the P2P service in the IP network, it is necessary to identify the P2P service first, and then to perform the corresponding administration control according to the generated P2P analysis result, so as to assure the quality of service.
A technical solution for identifying the point-to-point service provided in the present invention is as follows: collecting the TCP connection information; performing a property analysis of the TCP connection number on said TCP connection information; and determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result.
Refer to the flowchart of a preferred embodiment 1 of the method for identifying a P2P communication flow according to the present invention as shown in Fig. 3. Specifically, the method of the present invention can be accomplished by the following steps:
Step 301: collecting the TCP connection information.
The TCP connection information comprises a TCP connection number of the end users in a current time segment, an uploading flow quantity and a total flow quantity. Said TCP connection information has a plurality of collection modes, for example a Software Development Kit (SDK) can be installed at a user end, a gateway, a router or a GGSN (namely Gateway GPRS Support Node) in a mobile communications network, such as a preferred software package winPcap. Then, packet head information is analyzed using the software package, so as to collect the TCP connection information. If the present invention is applied in an IMS network, an IMS session will be created before creating the TCP connection, and a presence server in the IMS network can record the online user's information; therefore the TCP connection information can be obtained from the online user's information recorded in the presence server in the IMS network.
Based on the operating principles of the P2P communication, an origin user of the service will create the connection with a great deal of other users after starting the P2P service, and send the connection request packets needed when creating the TCP connection, such as synchronization bit/acknowledge bit (SYN/ACK) packets. The TCP connection number is obtained by counting the number of said connection request packets according to the present invention, and the uploading data flow number and the total flow number are obtained according to said packet head information of the connection requests. The collection mode of the present invention is to perform the collection preferably in the unit of a time segment, and said time segment can be set in advance according to the measurement data, for example setting 30s as an interval.
Step 302 to Step 303: processing the TCP connection information, determining and saving.
Firstly, a TCP connection variation rate and an average percentage are generated according to the collected TCP connection information, wherein said TCP connection variation rate is a rate between the connections in current time segment and the connections in a previous time segment, and the average percentage is a percent between the average uploading flow quantity and the total flow quantity within several adjacent time segments. The reason for taking the average uploading flow quantity is that it is known to those skilled in the art that the characteristics of all the P2P services, especially P2P stream media services, are that a user can upload only after creating the TCP connection, and the increasing uploading flow tends to become stable after the user TCP connection number becomes stable. The increase and then stabilization of the uploading flow quantity are therefore usually behind the appearance of the peak value of the TCP connection. In order to make the measured data facilitate the accurate determination, the measurement time segment of the uploading flow is set at the time soon after the appearance of peak value of the TCP connection, and the average value of the connections within several adjacent time segments is counted. Thus said average percentage is the percent between the average value of the uploading flow and the total flow within several time segments soon after the appearance of peak value of the TCP connection, instead of the percent between the uploading flow and the total flow at the time when the peak value of the TCP connection appears.
Secondly, the TCP connection number variation rate is compared with the variation rate threshold; said threshold is pre-set, and its threshold range is preferably greater than or equal to 4, and preferably the variation rate threshold is set at 4 in the present invention. If the TCP connection number variation rate generated is larger than the threshold, then said TCP connection number variation rate, average percentage and uploading flow quantity are saved, and Step 304 is executed; otherwise, it returns to Step 301 after the processing result is discarded.
Step 304: performing the analysis of the variation rate, the percentage and the uploading flow quantity value.
For a better analysis, the three factors of TCP connection number variation rate, the average percentage and the uploading flow quantity value are analyzed using a fuzzy operation rule; to make the description simple, the TCP connection number variation rate is denoted by Cr; the average percentage is denoted by θ; the uploading flow value is denoted by tu.
Firstly, the values of the above three factors are calculated respectively with corresponding degree of subordination function. The result of each function comprises two values, and they denote the possibility of the P2P service and the possibility of non-P2P service respectively.
For simplicity, U is defined as a factor set consisting of three aforementioned factors, namely U = {u1, u2, u3}, wherein u1 is Cr; u2 is θ; u3 is tu. Meanwhile, V is defined as an evaluation set of each factor, namely V = {v1, v2}, wherein v1 denotes the possibility of the P2P service, and v2 denotes the possibility of non-P2P service.
The evaluation set of each factor is obtained by a fuzzy mapping from U to V for each factor using the corresponding degree of subordination function: f:U→F(V) namely
Figure imgf000015_0001
and there are different setting methods for the degree of subordination functions according to the different problems of fuzzy diagnosis. Normally, there are three main methods, namely F statistical method, trichotomy, and method of determining the degree of subordination function by F distribution. It is suggested to adopt the method of determining the degree of subordination function by F distribution because of needing to construct two-phase function in this problem. The common distributions comprise rectangular distribution, semi-rectangular distribution, semi-trapezoidal distribution, parabolic distribution, normal distribution, Cauchy distribution, and mountainous distribution. It is suggested to select the Cauchy distribution to determine the degree of subordination function, so as to obtain a better evaluation result.
Hereinafter taking Cr and θ as examples, Cauchy distribution is selected to construct the degree of subordination function according to the data obtained in the experiment. The degree of subordination function of factor tu can be obtained by a similar method.
For example, the empirical degree of subordination function of Cr is defined as:
Figure imgf000016_0001
The result T11 is obtained by computing the degree of subordination function of factor Cr, and its value denotes the possibility of the P2P service. At the same time, the result of 1-T11 is regarded as the possibility of non-P2P service, namely T12, and then an evaluation set V1 of factor Cr can be obtained according to T11, T12.
Similarly, the empirical degree of subordination function of factor θ is defined as following:
Figure imgf000016_0002
and by computing the degree of subordination function of factor θ, its two values T21, T22 denote respectively the possibility of the P2P service and the possibility of non-P2P service, thereby obtaining the evaluation set V2 of factor θ further according to T21, T22. As to the factor tu, similarly, the evaluation set V3 of factor tu can be obtained by the degree of subordination function constructed by Cauchy distribution according to the aforementioned method, which does not need further description.
An evaluation value matrix is further generated according to said three degrees of subordination functions, namely
Figure imgf000017_0001
As to the unpopular files in the P2P service, the users participating in file mutual-transmission are relatively few so the TCP connection number created by users is small, and therefore the peak value of TCP connection number of this type of unpopular files is not more obvious than the peak value of connections of popular files in the P2P service. However, in some extreme cases, certain non-P2P service (for example, a web service) can also create more connections in short period due to opening a great deal of webpages, and in this case the connections properties of non P2P service would be close to the TCP connection number properties of the unpopular P2P service. It is difficult to precisely differentiate only depending on the TCP connection variation rate here. However, according to the P2P service nature, differentiation on flow can be done by factor tu because of the uploading flow generated by the web service. The weight value for tu is smaller than the weight values for the other two factors because factor tu is only directed against exceptional cases.
The weight values are different because the importance of said three factors is different, for example setting the weight values of three factors at 0.4, 0.4 and 0.2 respectively. A is defined to be a weight value set for said three factors, namely A = (a1, a2, a3), wherein a1 is the weight value for Cr; a2 is the weight value for θ; a3 is the weight value for tu. Finally, a comprehensive evaluation result B is obtained by the equation B = A·R, which performs a multiplication operation between the weight value vectors for the three factors and the evaluation matrix. Said B has two component values, namely B = (b1, b2), wherein b1 denotes the possibility of the P2P service and b2 denotes the possibility of non P2P service.
Step 305: Evaluating the analysis result and determining whether or not a service corresponding to said TCP connection is a point-to-point service.
The final identification is made according to the generated comprehensive evaluation result B. The identification precision is determined by adjusting its evaluation value according to the user needs: if adopting less precision, only b1 > b2 is needed, namely to set said evaluation threshold at 0.5. When b1 > 0.5, the corresponding service is then regarded as the P2P service; otherwise, the corresponding service is not regarded as the P2P service. If the precision needs to be improved, the evaluation threshold can be increased properly. When b1 is larger than the evaluation threshold, the corresponding service is then regarded as P2P service; otherwise, the corresponding service is not regarded as P2P service.
When the analysis result indicates that the corresponding service is the P2P service, performing Step 306; otherwise it returns to Step 301.
Step 306: outputting the analysis result.
The analysis result corresponding to the P2P service is outputted, and then the P2P system can construct the P2P strategy according to said analysis result and perform the corresponding administration, thereby controlling the quality of service. Since the operation such as administration after outputting the analysis result is not the protected content of the present invention, here we will not go further on this point.
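Steps 301 to 306 as an added Python example (not code from the patent), run over two constructed hosts that both open 30 connections in one segment. The 30 s segment, variation-rate threshold 4, weights 0.4/0.4/0.2 and evaluation threshold 0.5 come from the text; the rising Cauchy-type membership function and its parameters, the two-segment averaging window, the floor for an idle previous segment and the sample records are assumptions, because the patent's own membership functions survive on this page only as figure references.

```python
from collections import defaultdict
from dataclasses import dataclass

SEGMENT = 30               # seconds per collection segment (value from the text)
RATE_THRESHOLD = 4.0       # variation-rate pre-filter (value from the text)
WEIGHTS = (0.4, 0.4, 0.2)  # A = (a1, a2, a3) for Cr, theta, tu (values from the text)
EVAL_THRESHOLD = 0.5       # b1 must exceed this (value from the text)
AVG_SEGMENTS = 2           # ASSUMPTION: segments after the peak that are averaged
SYN, ACK = 0x02, 0x10      # TCP flag bits

# ASSUMPTION: (a, alpha, beta) per factor, chosen so the membership is 0.5 at
# Cr = 4, theta = 0.3 and tu = 1 MB. The patent's own functions are not on the page.
PARAMS = {"cr": (1.0, 9.0, 2.0), "theta": (0.0, 0.09, 2.0), "tu": (0.0, 1e12, 2.0)}


@dataclass
class Segment:
    syn: int = 0    # connection requests sent by the monitored host
    up: int = 0     # uploaded bytes
    total: int = 0  # all bytes


def bucket(records):
    """Group (ts, tcp_flags, is_upload, length) header records into segments."""
    segs = defaultdict(Segment)
    for ts, flags, is_upload, length in records:
        seg = segs[int(ts // SEGMENT)]
        if is_upload and flags & SYN and not flags & ACK:
            seg.syn += 1
        seg.total += length
        if is_upload:
            seg.up += length
    if not segs:
        return []
    # Idle segments inside the capture become zero-filled entries.
    return [segs[i] for i in range(min(segs), max(segs) + 1)]


def cauchy_rising(x, a, alpha, beta):
    """Rising Cauchy-type membership: 0 up to a, then approaching 1."""
    if x <= a:
        return 0.0
    return 1.0 / (1.0 + alpha * (x - a) ** -beta)


def evaluate(segs, i):
    """Return (b1, b2) for segment i, or None if the segment is not evaluated."""
    # ASSUMPTION: an idle previous segment counts as 1 to avoid dividing by zero.
    cr = segs[i].syn / max(segs[i - 1].syn, 1)
    if cr <= RATE_THRESHOLD:
        return None                       # Step 303: discard and keep collecting
    after = segs[i + 1:i + 1 + AVG_SEGMENTS]
    if not after:
        return None                       # upload statistics not available yet
    up = sum(s.up for s in after)
    total = sum(s.total for s in after)
    theta = up / total if total else 0.0  # upload share after the peak
    tu = up / len(after)                  # average uploaded bytes per segment
    # R: one row per factor, columns = (P2P, non-P2P) possibilities.
    R = []
    for name, value in (("cr", cr), ("theta", theta), ("tu", tu)):
        m = cauchy_rising(value, *PARAMS[name])
        R.append((m, 1.0 - m))
    # B = A . R (Step 304)
    b1 = sum(a * row[0] for a, row in zip(WEIGHTS, R))
    b2 = sum(a * row[1] for a, row in zip(WEIGHTS, R))
    return b1, b2


def classify(records):
    """Return [(segment_index, b1, is_p2p)] for every evaluated segment."""
    segs = bucket(records)
    out = []
    for i in range(1, len(segs)):
        result = evaluate(segs, i)
        if result is not None:
            out.append((i, result[0], result[0] > EVAL_THRESHOLD))  # Step 305
    return out


def constructed_capture(per_segment):
    """Build constructed records from (syn_count, up_bytes, down_bytes) tuples."""
    records = []
    for seg, (syn, up, down) in enumerate(per_segment):
        t0 = seg * SEGMENT
        records += [(t0 + 1, SYN, True, 60)] * syn
        records.append((t0 + 2, ACK, True, up))     # aggregated upload bytes
        records.append((t0 + 3, ACK, False, down))  # aggregated download bytes
    return records


# Constructed sample hosts: same connection burst, different upload behaviour.
P2P_HOST = constructed_capture([(3, 1000, 9000), (30, 10**5, 10**5),
                                (0, 3 * 10**6, 2 * 10**6), (0, 3 * 10**6, 2 * 10**6)])
WEB_HOST = constructed_capture([(3, 1000, 9000), (30, 20000, 10**6),
                                (0, 50000, 4950000), (0, 50000, 4950000)])

if __name__ == "__main__":
    for name, capture in (("p2p", P2P_HOST), ("web", WEB_HOST)):
        print(name, classify(capture))
```

Both hosts pass the variation-rate pre-filter with Cr = 10, so the upload share θ and upload volume tu are what separate them, which is the role the description assigns to those two factors.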
Based on the aforementioned technical solution, the present invention also provides a device for identifying a point-to-point service, comprising: a data collecting unit 401, a data analyzing unit 402, and an evaluating unit 409. The data collecting unit 401 outputs the collected TCP connection information to the data analyzing unit 402; said data analyzing unit 402 performs the properties analysis of the TCP connection number on said TCP connection information; and the evaluating unit 409 determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit 402.
Fig.4 is a device structure chart of embodiment one of the method for identifying a P2P service according to the present invention. Said device comprises: a data collecting unit 401, a data analyzing unit 402, a storage unit 405, an evaluating unit 409 and an adjustment unit 410. Said data analyzing unit 402 comprises a data processing module 403, a determining module 404 and a data analyzing module 407; and said data analyzing module 407 comprises an evaluation value matrix generating module 406 and an analysis result generating module 408.
The data collecting unit 401 is used for checking the data packet head, collecting the TCP connection request data packets by grouping them in the unit of a time segment, and outputting the collected TCP connection information to the data analyzing unit 402 to perform the processing analysis; said TCP connection information comprises the TCP connection number at the user end, the uploading flow number and the total flow number. Said data processing module 403 generates the factors for the property analysis of the TCP connection number according to the collected TCP connection information, and said factors comprise a TCP connection number variation rate and a percentage of the uploading flow quantity in the total flow quantity. Said TCP connection number variation rate is a rate between the connections in current time segment and the connections in a previous time segment, and the average percentage is a percentage between the average uploading flow quantity and the total flow quantity within several adjacent time slots. Said determining module 404 determines if the processing result is saved according to the comparison result between the TCP connection number variation rate and the variation rate threshold pre-set in the adjustment unit 410. If said TCP connection number variation rate is larger than the variation rate threshold, then said factors are sent to the data analyzing module 407 through the storage unit 405; otherwise, the data collecting unit 401 is instructed to continue to collect the TCP connection information.
The data analyzing module 407 performs the property analysis of the TCP connection number on the factors stored in the storage unit 405 using a fuzzy operation rule. In said analysis process, the evaluation value matrix generating module 406 performs a corresponding degree of subordination function operation on each of said factors, so as to obtain the matrix of factor evaluation values; the analysis result generating module 408 multiplies said matrix of factor evaluation values by the factor weight values, and outputs the generated analysis result to the evaluating unit 409. Said evaluating unit 409 performs the final analysis on the result according to an evaluation threshold pre-set in the adjustment unit 410, and determines whether or not a service corresponding to said TCP connection is a point-to-point service. If it is a point-to-point service, said evaluating unit 409 outputs the result of P2P service; otherwise, the data collecting unit 401 is instructed to continue to collect the TCP connection information.
The adjustment unit 410 is used for collecting the time segment, and adjusting said degree of subordination function, weight values, variation rate thresholds and evaluation thresholds of three factors.
The method for identifying the P2P service of the present invention, in addition to adopting the aforementioned fuzzy algorithm to analyze factors such as the variation rate of the TCP connection number, can perform the identification purely by analyzing the TCP connection number. This is because a service node creates a large number of TCP connections with other nodes for mutual file transmission when providing the P2P service, and the TCP connection number of a P2P service is higher than that of other, non-P2P services. Therefore if the TCP connection number within a time segment is more than the TCP connection number within a previous time slot, then the current large TCP connection number is regarded as a P2P connection, and the service operating in the current time segment is regarded as a P2P service.
Fig.5 is a flowchart of embodiment 2 according to the present invention for identifying the P2P service. The specific steps of the flowchart are:
Step 501: collecting the TCP connection number.
Said TCP connection information comprises a TCP connection number at a user end in the current time segment, an uploading flow number and a total flow number. Said TCP connection information can be collected in a plurality of modes; for example, a Software Development Kit (SDK), preferably the WinPcap software package, can be installed at a user end, a gateway, a router or a GGSN (Gateway GPRS Support Node) in a mobile communications network. The packet head information is then analyzed using the software kit, so as to collect the TCP connection information. According to the present invention, the TCP connection number is obtained by counting the number of connection request packets. The preferred mode is to perform the collection in units of a time segment, and said time segment can be set in advance according to the measurement data, for example setting 30s as one interval.
If it is in an IMS network, an IMS session will be created before creating the TCP connection, while a presence server in IMS network can record the online user's information. Therefore the TCP connection number can be obtained by the online user's information recorded in the presence server in the IMS network.
Step 502 to Step 503: performing the property analysis of the TCP connection and determining whether or not a service corresponding to said TCP connection is a point-to-point service.
The collected P2P connections are compared with the pre-set connection threshold, and whether or not the service corresponding to said TCP connection is a P2P service is determined according to the analysis result. If the TCP connection number is larger than said connection threshold in a time segment, then the service running in that time segment is regarded as a P2P service; otherwise, it is not a P2P service.
Said connection threshold can be set empirically according to the user's needs for identification precision. For example, a plurality of groups of connection data of a P2P service can be collected, wherein a peak value of TCP connection number which is relatively low but still higher than most of the connection peak values of non P2P service is used as the connection threshold. The setting method provided above is only one of the embodiments, and its design idea is that, so long as a value is between the peak value of TCP connection number of a non P2P service and the peak value of TCP connection number of a P2P service, it can be used as a connection threshold. The setting method is not exclusive because said threshold is set empirically, and therefore so long as said threshold and its setting method are based on the aforementioned idea, they are in the scope of protection of the present invention.
When it is a P2P service, then Step 504 is executed; otherwise it returns to Step 501.
Step 504: outputting the analysis result.
The analysis result corresponding to a P2P service is output, and the P2P system can then construct the P2P strategy according to said analysis result and perform the corresponding administration, thereby controlling the quality of service. Since operations such as administration after outputting the analysis result are not part of the protected content of the present invention, they are not discussed further here.
Based on the aforementioned technical solution, the present invention also provides a device of embodiment 2 of the method for identifying a P2P service, referring to Fig.6. Fig.6 is the device structure diagram of embodiment 2 of the method for identifying a P2P service according to the present invention. Said device comprises a data collecting unit 601, a data analyzing unit 602, an evaluating unit 603 and an adjustment unit 604. The collecting unit 601 is used for checking the data packet head and collecting the TCP connection request data packets by grouping them in units of time segment, and outputting the collected TCP connection information to the data analyzing unit 602. Said data analyzing unit 602 performs the property analysis of TCP connection number by comparing the TCP connection number with the connections threshold. The evaluating unit 603 determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit 602. If the TCP connection number is larger than said connections threshold in a time segment, then said evaluating unit 603 regards the performing service as a P2P service, and outputs the result of said P2P service; otherwise, said evaluating unit 603 instructs the data collecting unit 601 to continue collecting the TCP connection information.
Said adjustment unit 604 is used for setting a collection time segment and a connection threshold.
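The sketch below is an added example, not code from the patent: it runs constructed packet-header records through both the fuzzy pipeline of units 401 to 410 and the count-only comparison of units 601 to 604, and derives a connection threshold from labelled peaks in the way the text describes. The record layout, the membership parameters, the weights, the (mu, 1 - mu) form of the evaluation matrix and the `coverage` parameter are assumptions.

```python
from collections import defaultdict

SEGMENT_S = 30  # collection time segment; 30 s is the interval the text gives

def segment_stats(packets, segment_s=SEGMENT_S):
    """Group header records (ts, is_syn, is_upload, length) by time segment.
    'conns' counts connection-request packets, as the text describes."""
    segs = defaultdict(lambda: {"conns": 0, "up": 0, "total": 0})
    for ts, is_syn, is_upload, length in packets:
        s = segs[int(ts // segment_s)]
        s["conns"] += int(is_syn)
        s["up"] += length if is_upload else 0
        s["total"] += length
    if not segs:
        return []
    return [segs[k] for k in range(min(segs), max(segs) + 1)]  # idle segments stay at zero

def factors(segs, i, k=2):
    """Factors for segment i (i >= 1): connection-number variation rate,
    upload share averaged over the last k segments, and upload quantity."""
    recent = segs[max(0, i - k + 1): i + 1]
    rate = segs[i]["conns"] / max(segs[i - 1]["conns"], 1)
    total = sum(s["total"] for s in recent)
    up_share = sum(s["up"] for s in recent) / total if total else 0.0
    return rate, up_share, segs[i]["up"]

def cauchy_rising(x, a, alpha, beta):
    """Rising Cauchy-type membership: 0 up to a, then approaching 1."""
    return 0.0 if x <= a else 1.0 / (1.0 + alpha * (x - a) ** -beta)

# Assumed (a, alpha, beta) per factor and assumed weights; tune from measured traffic.
MEMBERSHIP = ((1.0, 4.0, 2.0), (0.1, 0.05, 2.0), (10_000, 1e9, 2.0))
WEIGHTS = (0.5, 0.3, 0.2)

def classify_fuzzy(segs, i, rate_threshold=1.5, eval_threshold=0.5):
    """None when the variation-rate gate says keep collecting, else (b1, is_p2p)."""
    f = factors(segs, i)
    if f[0] <= rate_threshold:
        return None
    mu = [cauchy_rising(x, *p) for x, p in zip(f, MEMBERSHIP)]
    # Assumed matrix rows (mu, 1 - mu): weights times matrix gives B = (b1, b2).
    b1 = sum(w * m for w, m in zip(WEIGHTS, mu))
    return b1, b1 > eval_threshold

def calibrate_conn_threshold(p2p_peaks, non_p2p_peaks, coverage=0.8):
    """Lowest P2P peak that is still above `coverage` of the non-P2P peaks."""
    ranked = sorted(non_p2p_peaks)
    floor = ranked[min(len(ranked) - 1, int(coverage * len(ranked)))]
    above = [p for p in sorted(p2p_peaks) if p > floor]
    if not above:
        raise ValueError("peak ranges overlap; connection count alone cannot separate them")
    return above[0]

def classify_by_count(seg, conn_threshold):
    """Count-only variant: P2P when the connection number exceeds the threshold."""
    return seg["conns"] > conn_threshold

def sample_packets():
    """Constructed traffic for one user end: a quiet segment, then a connection burst."""
    quiet = [(t, t % 6 == 0, False, 1200) for t in range(30)]
    burst = [(30 + i * 0.5, i % 3 != 2, i % 2 == 0, 1400) for i in range(60)]
    return quiet + burst

if __name__ == "__main__":
    segs = segment_stats(sample_packets())
    print(classify_fuzzy(segs, 1), classify_fuzzy(segs, 1, eval_threshold=0.8))
    limit = calibrate_conn_threshold([25, 60, 120], [3, 5, 6, 8, 9, 12, 14, 15, 18, 40])
    print(limit, [classify_by_count(s, limit) for s in segs])
```

Raising the evaluation threshold from 0.5 to 0.8 flips the burst segment to non-P2P, and the constructed non-P2P peak of 40 sits above the calibrated connection threshold, which is the false-positive cost of a threshold that only clears most non-P2P peaks.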
The aforementioned embodiments of the present invention do not constitute a limitation on the scope of protection of the present invention. Any modification, equivalent substitution, improvement, and so on within the spirit and principle of the present invention should be included in the scope of protection of the present invention.

Claims
1. A method for identifying a point-to-point service in a communications network, wherein it comprises: collecting TCP connection information; performing a property analysis of a TCP connection number on said TCP connection information; determining whether or not a service corresponding to said TCP connection is a point-to-point service according to an analysis result.
2. The method as claimed in claim 1, wherein said step of collecting the TCP connection information comprises: counting TCP data packets grouped by the unit of a time segment, and obtaining the TCP connection information according to packet head information of the TCP data packets; wherein said TCP connection information comprises a TCP connection number, an uploading flow and a total flow.
3. The method as claimed in claim 1, wherein the step of performing the property analysis of said TCP connection number comprises: generating factors for performing the property analysis of TCP connection number according to said TCP connection information, wherein said factor comprises a TCP connection number variation rate, the percentage of an uploading flow in a total flow, and the quantity of the uploading flow; performing the property analysis of the TCP connection number on said factors by using a fuzzy operation rule.
4. The method as claimed in claim 3, wherein the step of performing the property analysis of the TCP connection number on the factors by using a fuzzy operation rule comprises: performing respectively on said factors a corresponding degree of subordination function operation, so as to obtain a matrix of factor evaluation values; multiplying said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
5. The method as claimed in claim 4, wherein the degree of subordination function is determined by a Cauchy distribution.
6. The method as claimed in claims 1 to 4, wherein said step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprises: comparing the analysis result with an evaluation threshold, wherein if said analysis result is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
7. The method as claimed in claim 3, wherein before said step of performing the property analysis of the TCP connection number on said factors by using the fuzzy operation rule, it further comprises: determining the size of the TCP connection number variation rate and a threshold of the variation rate, wherein if said TCP connection number variation rate is larger than the threshold, it is saved and it proceeds to a following step; otherwise, it returns to the step of collecting the TCP connection information.
8. The method as claimed in claim 2, wherein said steps of performing the property analysis of the TCP connection number on said TCP connection information and determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result comprise: comparing the TCP connection number with the connections threshold; and wherein if said TCP connection number is larger than the threshold, the service is a point-to-point service; otherwise, the service is not a point-to-point service.
9. The method as claimed in claim 6 or 8, wherein after said step of determining whether or not the service corresponding to said TCP connection is a point-to-point service according to the analysis result, it further comprises: outputting the analysis result if the service is a point-to-point service; otherwise, returning to the step of collecting the TCP connection information.
10. A device for identifying a point-to-point service in a communications network, wherein it comprises a data collecting unit, a data analyzing unit and an evaluating unit; and wherein said data collecting unit collects the TCP connection information; said data analyzing unit performs property analysis of a TCP connection number on the TCP connection information collected by said data collecting unit; and said evaluating unit determines whether or not a service corresponding to said TCP connection is a point-to-point service according to the analysis result of said data analyzing unit.
11. The device as claimed in claim 10, wherein said data analyzing unit comprises: a data processing module and a data analyzing module; the data processing module generates factors for the property analysis of the TCP connection number according to said TCP connection information; and the data analyzing module performs on said factors the property analysis of the TCP connection number by using a fuzzy operation rule.
12. The device as claimed in claim 11, wherein said data analyzing module comprises: an evaluation value matrix generating module and an analysis result generating module; the evaluation value matrix generating module performs a corresponding degree of subordination function operation respectively on said factors, so as to obtain a matrix of factor evaluation values; and the analysis result generating module multiplies said matrix of factor evaluation values by a weight value of each corresponding factor, so as to obtain the analysis result.
13. The device as claimed in claim 11, wherein said factors comprise a TCP connection variation rate; and said device further comprises a determining module for comparing the variation rate of the TCP connection number generated by the data processing module with a variation rate threshold, and if said TCP connection number variation rate is larger than the threshold, said factors are sent to the data analyzing module through a data storage unit; otherwise, the data collecting unit is instructed to continue collecting the TCP connection information.
14. The device as claimed in claim 10, wherein said TCP connection information comprises a TCP connection number; said data analyzing unit compares the TCP connection number collected by the data collecting unit with the threshold of the connection number; and said evaluating unit determines whether or not the service corresponding to said TCP connection number is a point-to-point service according to the analysis result of said data analyzing unit.
PCT/EP2007/062039 2006-11-14 2007-11-08 Method for identifying peer to peer services in a communications network WO2008058884A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200610148469 CN101184081A (en) 2006-11-14 2006-11-14 Method and device for identifying point-to-point service in communication network
CN200610148469.5 2006-11-14

Publications (1)

Publication Number Publication Date
WO2008058884A1 true WO2008058884A1 (en) 2008-05-22

Family

ID=39223438


Country Status (2)

Country Link
CN (1) CN101184081A (en)
WO (1) WO2008058884A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111401A (en) * 2010-12-16 2011-06-29 成都市华为赛门铁克科技有限公司 Protocol recognition method and device as well as equipment
US8634463B2 (en) 2006-04-04 2014-01-21 Qualcomm Incorporated Apparatus and method of enhanced frame interpolation in video compression

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645803B (en) * 2008-08-05 2011-11-23 中兴通讯股份有限公司 P2P service identification method and Internet service identification system
CN110290003A (en) * 2019-06-27 2019-09-27 携程旅游信息技术(上海)有限公司 Dynamically distribute the method and system of the TCP connection number of short message supplier



Also Published As

Publication number Publication date
CN101184081A (en) 2008-05-21


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07822343

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07822343

Country of ref document: EP

Kind code of ref document: A1